Unix System Security
david newall
CCDN at levels.sait.edu.au
Mon Jan 15 23:19:34 AEST 1990
tgg at otter.hpl.hp.com (Tom Gardner) writes:
> I want to hear about *fixes* [ to security holes ] as quickly as possible.
> The original posting could have resulted in details of *open* holes being
> widely circulated and read by persons of unknown responsibility; I hope you
> would agree that would be unwise.
I want security holes fixed as quickly as possible. Sitting quietly, waiting
for fixes, does little to add urgency to such problems.
The recent internet worm, which took advantage of a number of long standing
security holes, serves as a fine example of how these issues can be ignored.
Despite the fact that these were "well known" security problems, nothing had
been done to correct the situation.
I am grateful to the author, or authors, of the internet worm. They brought
to the attention of the world, these rather obvious problems, and in such a
way that the problems were fixed, and were fixed quickly. Never the less,
the legal ramifications of the worm are likely to deter anyone else from
using a similar technique to advertise security holes. Perhaps the author
(or authors) might have served their purpose better by posting the program,
not running it?
David Newall Phone: +61 8 343 3160
Unix Systems Programmer Fax: +61 8 349 6939
Academic Computing Service E-mail: ccdn at levels.sait.oz.au
SA Institute of Technology Post: The Levels, South Australia, 5095
More information about the Comp.lang.c
mailing list